CI uses signatures to verify the validity of requests. The developer authorizes a signature to the client for it to upload, download, and manage the specified resources.
When using CI, you can call RESTful APIs to initiate anonymous or signed HTTP requests. For signed requests, the server will validate the identity of the requester.
CI uses the same signature algorithm as Cloud Object Storage (COS) and uses Hash-based message authentication code (HMAC) custom solutions for identity verification.
Currently, CI has integrated with COS, meaning that you can use a COS domain to process images. The signature version required is different for CI and COS domains.
<bucketname-appid>.<picture region="">.myqcloud.com/<picture name="">
(for example, examplebucket-1250000000.picsh.myqcloud.com/picture.jpeg
). It uses JSON signatures.<bucketname-appid>.cos.<region>.myqcloud.com
(for example, examplebucket-1250000000.cos.ap-shanghai.myqcloud.com/picture.jpeg
). It uses XML signatures. For more information about XML signatures, please see Request Signature.Scenario | Applicable Signature | |
---|---|---|
Processing data upon download | Hotlink protection not enabled | No signature verification |
Hotlink protection enabled | Signature verification | |
Processing data upon upload | Persistent processing | XML signatures |
Bucket API calls | Query, activation, deletion, etc. | XML signatures |
Content recognition | Detecting pornographic, political, or violent/terror content | XML signatures |
To generate a signature, you need the APPID
(e.g., 1250000000), bucket name (e.g., examplebucket-ci
), as well as the SecretID
and SecretKey
of the project.
The following describes how to obtain the information above:
SecretID
and SecretKey
.The signature calculation process of CI is the same as that of COS. You can use a COS signature tool to generate a signature version you need according to the signature scenario.
Signed HTTP requests sent via RESTful APIs can pass the signature in the following ways:
Authorization
header, such as Authorization: q-sign-algorithm=sha1&q-ak=...&q-sign-time=1557989753;1557996953&...&q-signature=...
/exampleobject?q-sign-algorithm=sha1&q-ak=...&q-sign-time=1557989753%3B1557996953&...&q-signature=...
Note:In the example above,
...
are the signatures.
Was this page helpful?